In the past few days, there has been a lot of talk and activity around a large number of Magento stores (greater than 7,000) being infected by malicious code that is causing Google to blacklist the sites. Sucuri’s blog post summarizes the issue.

Magento also addresses this on their security website.

What is the cause?

No new vulnerabilities have been detected by Magento or anyone else up until this point. It looks like this is a combination of previously un-patched Magento stores, unsecured Magmi (a Magento extension) installs, and possibly brute forced and/or malware to obtain passwords off of computers to the admin interface.

Magento itself, when updated and fully patched, is safe from these type of attacks.

What we’ve done

We have run an extensive audit of all installed Magento stores we host looking for signs of this attack. We are happy to report that no sites were found to be infected or compromised related to this latest attack. We will continue to monitor the issue in case something new is discovered.

Since we automatically apply all security related patches to all Magento stores we host, this reduces the possibility of being compromised by hackers due to exploits in the core code of Magento. We also scan for any insecure Magmi installs, as this is a common entry point for hackers.

In addition to patching, we also run a daily malware scan on all changed files on every server looking for malicious code that has been uploaded. This helps us quickly identify and stop an attack if one were to occur.

….

It is important that all store owners remain vigilant and make sure their stores are fully patched, all extensions are updated with the latest secure versions, and an audit is conducted regularly of admin users. Doing these things, combined with our safety measures, will help keep your store safe and secure during the upcoming holiday shopping season.